O365 Roles

Iron Contributor

How can I block the Security and Compliance section of O365 for certain global admins or how can I alter their permissions to still give them access to o365 Except the Security and Complaince.

 

I need to block the helpdesk from this section due to the nature of some of the searches i do.

 

I still need to them to be able to assign LIC to new user accounts, make mailbox changes like retention policy, making a user mailbox a shared mailbox, create resource mailboxes etc.  

3 Replies
Have you reviewed different roles you can configure at the Compliance & Security Center?

Global Admins in Office 365 by nature have access to all administrative capabilities within the tenant - there is no way to limit this.

Instead, I would look at giving your helpdesk resources a mix of other admin roles to achieve what they need. Here's a good breakdown of those roles: https://support.office.com/en-us/article/About-Office-365-admin-roles-da585eea-f576-4f55-a1e0-87090b...

This will also help you comply with Microsoft's recommendation to limit the amount of Global Admins in your tenant (and improve your Office 365 Secure Score!).

Awesome I will look this over.